Author
Topic: I can't post on mailing lists (Read 2726 times)

Some days ago I wrote message to the Lazarus mailing list, then Ireceived mails from both with the following text:

> Your mail to 'Lazarus' with the subject> fppkgPackageManager - paths of configuration files and packages> Is being held until the list moderator can review it for approval.> The reason it is being held:> The message headers matched a filter rule

First I wrote to lazarus@lists.lazarus.freepascal.org and after theabove answer I wrote to lazarus@lists.lazarus-ide.org.

The mails were sent from Thunderbird. On some anti-spam lists UPCnetwork (UPC is my internet provider) is marked as dangerous because UPCallows the users to open the port (25) without control, that allows themto create a lot of smtp (mail send) servers... and some users do so...But I'm not sure about that this is the cause of my problem.

My mail was about FppkgPackageManager problems. I tried to start adiscussion before creating bugreport(s) if it is needed...I hope that the moderator(s) of mailing list will allow my mail to beposted and me to use the list without problems as before.I use thunderbird more than 10 years ago and there was no problem before... however my previous post (before the mentioned) to the mailing listwas sent at 2017.may.13. Maybe the filters were updated/changed since then.

This is a very annoying situation because some spammers was able to post on thelist using the names of real users. Using various names (Gabor Boros andJohn Landmesser) of real members but the email address is<Sascha.Hestermann@gmx.de>Gabor Boros (the real one) was reporting this issue but the spammeremail address was not blocked yet.Also José Mejuto was reporting the related IP (14.169.188.113). Seedetails in the archive of the list: "SPAM - Postfix master" thread.

Sapm-mail titles in the last months are for example: "☯pure joy" and"✈Re: amazing news!". These spam mails sometimes have attached images.

Also I tried to connect you via #lazarus-ide IRC channel but I had no luck.Also I wrote to mailman but I've got no answer

Maybe the issue applies to FPC lists (but I did not test to avoidranking me as a robotic spammer )

Not many ISP's - except in Trump country - do, although they advertise it. If you get hit a second time (as a spammer) YOU most likely did something wrong.Also note most spam on this forum has fake email addresses and are easy to spot. In that case that IP gets blocked. But if that fake email resolves to an IP that is yours, you will be blocked again...

Maybe you are running a Tor exit? Don't! on your daily machines. Use a spare one, dedicated.

« Last Edit: June 19, 2017, 04:00:35 pm by Thaddy »

Logged

"Logically, no number of positive outcomes at the level of experimental testing can confirm a scientific theory, but a single counterexample is logically decisive."

As a result of spammers spamming in the name of real users, I've installed spamassasin on the mailinglist server. When you reach a score of 5 you get this message (it is the filter rule the message is talking about)You get high scores if you're mailing from an known spam server, open relay server or post a message with links to known spam sitesEach of the scores is not high enough to get marked as spam. So your mail must have more issues.

Can you give me the message id of the response you got, and a timestamp ?

Did your message et to the list ? If not, it has probably been discarded.

Logged

//--{$I stdsig.inc}//-I still can't read someones mind//-Bugs reported here will be forgotten. Use the bug tracker

Not many ISP's - except in Trump country - do, although they advertise it. If you get hit a second time (as a spammer) YOU most likely did something wrong.Also note most spam on this forum has fake email addresses and are easy to spot. In that case that IP gets blocked. But if that fake email resolves to an IP that is yours, you will be blocked again...

Maybe you are running a Tor exit? Don't! on your daily machines. Use a spare one, dedicated.

sorry I'm under dynamic IP and I'm in Europe. IP filtering does not work you need header parsers and even then it is impossible to catch spammers, think spoofing, it is extremely easy to spoof emails with what ever you like.

Logged

Good judgement is the result of experience … Experience is the result of bad judgement.

@taazzIt is easy to detect spoofed emails even if you are under a dynamic IP. E.g. SpamAssassin uses the techniques I am referring to. That's because the mailserver is known, at least the outgoing last IP. And that is a real IP. Unless run your own mailserver under dynamic IP which has several other security related issues and is even not very easy to do. Dynamic IP itself should be taken with a pinch of salt: usually it just means that your IP MAY change if the ISP feels it needs to. Normally it is stable for several months or in my case at home: years. Exception: some US providers change it a lot, but monthly, not weekly. The referring header is usually only a small part of serious anti-spam tools and works just indicative.If you get blocked by spamassissin, your emailserver is in an IP block that is known to be used for spam. Your RH doesn't say much in such a case....

For running a mailserver under dynamic IP you need a dedicated service like http://ip.thaddy.com (this example running by me for the last 10 years) to keep your mailserver configured properly. That's just to show you I know what I am talking about, but its use is free...

« Last Edit: June 19, 2017, 06:19:10 pm by Thaddy »

Logged

"Logically, no number of positive outcomes at the level of experimental testing can confirm a scientific theory, but a single counterexample is logically decisive."

@taazzIt is easy to detect spoofed emails even if you are under a dynamic IP. E.g. SpamAssassin uses the techniques I am referring to. That's because the mailserver is known, at least the outgoing last IP. And that is a real IP. Unless run your own mailserver under dynamic IP which has several other security related issues and is even not very easy to do. Dynamic IP itself should be taken with a pinch of salt: usually it just means that your IP MAY change if the ISP feels it needs to. Normally it is stable for several months or in my case at home: years. Exception: some US providers change it a lot, but monthly, not weekly. The referring header is usually only a small part of serious anti-spam tools and works just indicative.If you get blocked by spamassissin, your emailserver is in an IP block that is known to be used for spam. Your RH doesn't say much in such a case....

For running a mailserver under dynamic IP you need a dedicated service like http://ip.thaddy.com (this example running by me for the last 10 years) to keep your mailserver configured properly. That's just to show you I know what I am talking about, but its use is free...

you are going to deep on detection and ignore the spam mailer (aka the source). A spam mailer (a good one that is) usually has an smtp server included it spoofs the server not the client IP.

Logged

Good judgement is the result of experience … Experience is the result of bad judgement.

I am talking about the server. Nothing to spoof. Just ignore anything about referral headers. You can't spoof a real IP on the IP stack level. Otherwise there would be no connection at all.What you describe is not spoofing, but running a mailserver (or a relay switch) on a hacked machine. Spoofing means faking. Really. Back to school. My link is to keep a server properly configured....It returns the current exposed IP for the dynamic ip address as a clean string, w/o html, so you can run a script to keep the server working properly.

« Last Edit: June 19, 2017, 09:11:21 pm by Thaddy »

Logged

"Logically, no number of positive outcomes at the level of experimental testing can confirm a scientific theory, but a single counterexample is logically decisive."

Blocking solely on sender IP doesn't work. The current dns based server reputation lists work better and together with content scanning on urls give a pretty clean list.IMO everyone capable should be allowed to run a mailserver (upc IPs are pretty static, at least mine is)

Some minutes ago I wrote another very simple testing mail to lazarus@lists.lazarus-ide.org:

WW91ciBtYWlsIHRvICdMYXphcnVzJyB3aXRoIHRoZSBzdWJqZWN0CgogICAgdGVzenQgMgoKSXMgYmVpbmcgaGVsZCB1bnRpbCB0aGUgbGlzdCBtb2RlcmF0b3IgY2FuIHJldmlldyBpdCBmb3IgYXBwcm92YWwuCgpUaGUgcmVhc29uIGl0IGlzIGJlaW5nIGhlbGQ6CgogICAgVGhlIG1lc3NhZ2UgaGVhZGVycyBtYXRjaGVkIGEgZmlsdGVyIHJ1bGUKCkVpdGhlciB0aGUgbWVzc2FnZSB3aWxsIGdldCBwb3N0ZWQgdG8gdGhlIGxpc3QsIG9yIHlvdSB3aWxsIHJlY2VpdmUKbm90aWZpY2F0aW9uIG9mIHRoZSBtb2RlcmF0b3IncyBkZWNpc2lvbi4gIElmIHlvdSB3b3VsZCBsaWtlIHRvIGNhbmNlbAp0aGlzIHBvc3RpbmcsIHBsZWFzZSB2aXNpdCB0aGUgZm9sbG93aW5nIFVSTDoKCiAgICBodHRwOi8vbGlzdHMubGF6YXJ1cy1pZGUub3JnL2NvbmZpcm0vbGF6YXJ1cy8zOGFmNmE3ODc2OWQzYmI0N2IxYThlNjFjMDgwMzExNzlmZDFjMWQwCgo=Note: I do not and did not run any mail-server...